The L2VPN is independent of the VMkernel networks used for migration traffic (ESXi management or vMotion), which use either a separate IPsec VPN or a Direct Connect connection.

Default Gateway remains on-prem

An L2VPN can extend up to 25 of your on-premises networks.

The L2VPN is based on a L2VPN client and a L2VPN server. The L2VPN Server is located within VMware Cloud on AWS while the L2VPN Client can either a NSX Edge Client if a customer already runs NSX on-premises or the “Standalone Edge Client” (deployable with an OVA).

Note that you don’t need to own NSX licenses in order to run the ‘standalone edge client’ – it is free to download on my.vmware.com

Standalone Edge Client on my.vmware.com

The L2VPN
traffic is transported in GRE over IPSEC in the NSX-T Release (SSL/TCP in the
previous NSX-V release).